Shadow IT Part 2: Light in the Darkness
Updated: Nov 13
Part 2 is a continuation of our Shadow IT discussion from Traveler’s whitepaper, “Shining a Light on Shadow IT”. We’ve learned what Shadow IT is and how it arises, but what are the specific risks? And how does the IT team work to combat them?
Technology vulnerability is scary for the IT department, as it’s their job to protect data and systems so that operations continue normally. All eyes are scanning for threats, but Shadow IT performed by non-technical employees still slips by. Traveler’s states, “…studies show that a mere 8% of IT leaders worldwide have any meaningful visibility into their companies’ Shadow IT usage at all.” IT can’t regulate what they don’t know is happening. Fortunately, there are solutions available to help minimize Shadow IT use and give better insight to those who guard company data.
Insecure Public Clouds
Shadow IT is executed under the radar, where security is often overlooked in favor of the cheapest option. Large Public Clouds are cost-effective and guarantee accessibility and scalability, yet lack advanced security features. In the Public Cloud, data lives in a multi-tenant environment, where companies share storage space. Economies of scale drive the cost down but create security weaknesses from exposure to other networks. Cybercriminals looking to make easy money will attack the most defenseless targets, holding data for ransom and costing your company large sums of money.
To avoid data theft, your business can partner with a Private or Hybrid Cloud provider to enhance security. Private and Hybrid Clouds are dedicated; the server space is only used and controlled by one company, with data encrypted and stored behind a firewall. Leveraging a Cloud partner allows an IT team to work directly with experts for troubleshooting support and upgrades, freeing them to do more innovative projects. Employing a Cloud partner does increase the overall cost, but provides a higher level of security, reliability, and support which eliminates the occurrence of Shadow IT Cloud services.
Insecure Mobile Devices
“An Ernst & Young research study shows that approximately 22% of all mobile devices will be lost or stolen. Fifty percent will never be recovered,” (Shining a Light on Shadow IT). Convenience and mobility are compelling reasons to allow employees to use personal devices for work. But how do you manage the security risks? Employees transfer files to their unsecured laptops, leave their smartphones behind at a restaurant, and share sensitive information to the wrong contact. While these actions are not purposefully malicious, they can lead to negative consequences for the entire business.
An IT team cannot individually monitor all devices for external threats, but there is a solution that allows supervision from a central dashboard. Partnering with a Cloud provider to implement Mobile Device Management gives the IT department a high-level view of employee device behavior. Managers can control which devices receive certain information as well as wipe them remotely if they’re lost. Personal devices can be upgraded with anti-virus and other security software to protect synced data and be consistently monitored for cybercriminal activity.
Insecure File Storage
Along the same vein, employees often use personal email services to send large files, evading the size restrictions set up on corporate servers. Hackers often send malware through email, which is why network administrators establish security measures in the first place. Employees who download and share files to non-protected devices or personal email are using Shadow IT. This practice risks data theft, monetary loss, and compliance violations.
IT Managers can proactively guard against Shadow IT file storage by utilizing a Data Protection solution. Data Protection encrypts files from the moment it leaves the server. All company information is backed up and stored in an offsite data center or in the Cloud, giving employees continuous availability and security.
To Sum Up
IT Managers are entrusted with keeping corporate data safe, but their jobs are made more difficult when employees use rogue Shadow IT practices. You can defend against Shadow IT by:
Educating your staff. Train employees to recognize and report threats and enforce standard security policies for all projects. Foster a culture of transparency and knowledge to build confidence in the IT team’s standards.
Partner with a Cloud provider. Leverage expertise and professional support to protect your data and networks. The provider will handle the day-to-day IT operations, giving your IT staff the opportunity to innovate in your business. As you continue to work to secure your company’s IT practices, Iserv can help manage risks with custom-built Cloud, Mobile Device Management, and Data Protection solutions.
Thank you to Traveler’s for a very well written whitepaper, “Shining a Light on Shadow IT”, that inspired me to continue to educate about the risks associated with Shadow IT.